by Sophia Meral Chapar, Solia Special Projects
We spend a lot of time considering security as part of our business at Solia Media. Although that is usually within the context of securing websites from online attacks, we have some experience in personal online security and I would like to offer a suggestion regarding that. Before proceeding, if you are targeted by world-class hackers, they are going to get you, just like they would get me. We hope they have bigger targets to occupy their time. What I want to do is help you avoid the most likely hacks.
Here is the best step that you can take now: Enable two-factor authentication for whatever service you can. It is a smart move that you won’t regret.
What is two-factor authentication? It’s a process of adding a second, entirely different door between hackers and the gold that is your online identity. Consider the typical way you access your primary email account. You enter a username and password, and you are in. Now, if you are like most people, your billing accounts, banking accounts, shopping accounts, and other email accounts are connected to your primary email account and often depend upon it. For example, if you forget your password to your online brokerage account, you click a link that sends a link to your email to reset your password. Right?
So imagine that you are at a coffee shop, using a public wireless network. You sign in to your email using Google, Yahoo, AT&T or your custom email. A bright but malicious hacker has connected to that network, and uses a packet sniffer to see both your username and password. Later that evening, he or she logs into your email and searches for references to Amazon, various banks, etc. Finding those, they can usually see or figure out your username. They go to those accounts, put in your username and click “forgot my password.” They get the reset link and reset the password. They are in. You are out. They do that repeatedly while you sleep. That’s how easy it is to have someone take over your life. And in the morning, when you wake, your bank accounts have been cleaned out, precious photos deleted, personal information and images posted on your Facebook page, etc.
Two-factor authentication goes a long way to prevent this. It adds a required “second credential layer” to your logins. It combines the requirement to enter something you know, i.e., a password and username, with the requirement to prove that you possess something only you should have. The typical two-factor process involves logging in, and then being required to enter a code that is sent to your phone. Therefore, a person who has intercepted your username and password cannot access your account without also possessing your phone. So, if you get fooled into giving that international or local hacker your credentials for a key account, they have only part of what they need to access your account.
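The login flow described above, from the service's side, as an added example that is not from the original post or from any real service's code. The class name, the five-minute code lifetime and the in-memory `outbox` standing in for the text message to your phone are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 300  # seconds a phone code stays valid (assumed value)

class TwoFactorLogin:
    """Hypothetical service: password first, then a one-time code sent to the phone."""
    def __init__(self):
        self.users = {}    # username -> (salt, password_hash)
        self.pending = {}  # username -> (code, expiry_time)
        self.outbox = []   # stands in for the SMS gateway: (username, code)

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, username, password):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, self._hash(password, salt))

    def start_login(self, username, password, now=None):
        """Factor 1 (something you know). On success a code goes to the phone."""
        now = time.time() if now is None else now
        salt, stored = self.users.get(username, (b"\0" * 16, b""))
        if not hmac.compare_digest(stored, self._hash(password, salt)):
            return False
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[username] = (code, now + CODE_TTL)
        self.outbox.append((username, code))
        return True  # password accepted, but nobody is logged in yet

    def finish_login(self, username, code, now=None):
        """Factor 2 (something you have). Each code allows exactly one attempt."""
        now = time.time() if now is None else now
        entry = self.pending.pop(username, None)  # consumed even on a wrong guess
        if entry is None:
            return False
        expected, expiry = entry
        return now <= expiry and hmac.compare_digest(expected.encode(), code.encode())

def coffee_shop_demo():
    """Constructed scenario: the password was sniffed, the phone was not."""
    svc = TwoFactorLogin()
    svc.register("alice", "sniffed-password")  # constructed credentials
    password_ok = svc.start_login("alice", "sniffed-password", now=0)
    real = svc.outbox[-1][1]  # only the phone's owner sees this value
    guess = "000000" if real != "000000" else "000001"
    attacker_in = svc.finish_login("alice", guess, now=10)
    svc.start_login("alice", "sniffed-password", now=20)
    owner_in = svc.finish_login("alice", svc.outbox[-1][1], now=30)
    return password_ok, attacker_in, owner_in
```

The stolen password passes the first step, yet the login only completes for the person who can read the code on the phone. A wrong guess also throws the code away, so the code cannot be guessed at repeatedly.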
An increasing number of services are offering you the choice to implement two-factor authentication. Banks and other financial institutions are moving quickly to require it. However, you must elect to use it for your other accounts. Choose to do that for your email accounts, and for accounts like Facebook, Amazon, iCloud and other key accounts. How many times do you see your friends have to report to you that “someone has hacked my Facebook account, please do not accept friend requests, etc.?” With two-factor authentication, the chances of such a hijacking happening to you will be reduced to near zero. Facebook calls it “login approvals.” You can find it in your security settings.
Two-factor authentication is not going to eliminate the prospect of your being hacked or having your identity appropriated. Notably, many hackers find the best success using social engineering. They figure out how to contact your service providers and pretend that they are you. That’s for another post. However, please start with two-factor authentication.
At Solia Media, we offer consulting in this area. Call us if you want some help. You can think of it as “the ounce of prevention.”